Eurail and Interrail Traveler Data Breached
▼ Summary
– A data breach at Eurail B.V. compromised personal and sensitive information for an unknown number of travelers, as announced on January 10.
– The potentially accessed data includes names, contact details, passport/ID numbers, and for DiscoverEU participants, possibly bank details and health data.
– The company has secured its systems, reset customer credentials, and is directly notifying affected customers as contact details allow.
– Eurail advises customers to be vigilant for phishing, change related passwords, and monitor bank accounts for suspicious activity.
– There is currently no evidence that the compromised data has been misused or publicly disclosed.
A significant data security incident has impacted Eurail B.V., the Dutch company responsible for selling the popular Eurail and Interrail train passes across Europe. The breach compromised a range of personal and sensitive information from an undetermined number of travelers who purchased passes or made seat reservations. The company issued a public statement on January 10th and has begun notifying affected customers directly via email.
The investigation into the breach is ongoing, but initial findings indicate that unauthorized individuals accessed customer data including first and last names, dates of birth, gender, email and home addresses, and phone numbers. More critically, the exposed information also includes passport or national ID numbers, along with their countries of issue and expiration dates. The company confirmed that this involves customers who bought passes either directly or through partner distributors.
For participants in the EU’s DiscoverEU program, which operates under the Erasmus+ initiative, the potential exposure is even more severe. The European Commission noted that additional compromised data could include bank account numbers (IBAN), photocopies of passports or IDs, and certain health-related information.
While Eurail has not disclosed the specific method attackers used to infiltrate its systems, the European Commission stated that the company has since secured the affected infrastructure and addressed the vulnerability. Eurail emphasized that there is currently no evidence of customer data being misused or publicly released, a situation being monitored by external cybersecurity experts.
In response to the incident, the company has taken several precautionary steps. It has reset user access credentials and is advising all customers to create new passwords for their accounts. A primary concern is the heightened risk of phishing scams and identity theft following such a breach. Travelers are urged to be extremely cautious of unsolicited communications, whether by phone, email, or text, that request personal details, even if the sender claims to represent Eurail.
The standard recommendations for anyone potentially affected by a data breach apply here. Experts advise changing passwords not only for the Eurail account but also for any other services linked to the compromised email address, such as social media and online banking. Individuals should scrutinize their bank statements for any unusual activity and report suspicious transactions to their financial institution immediately. Eurail has committed to directly informing customers whose data may have been accessed, provided it has their current contact information available.
(Source: HelpNet Security)
